double agent [ RESOLVED ] Double agent

[Tonyidkwhat]

I have an infection called double agent and I am not able to boot into safe mode with networking with internet and in result not being able to log into safe mode, thank you

[poht]

Hi... Is a new and very recent malware, here I leave you more information:

DoubleAgent: Zero-Day Code Injection and Persistence Technique

https://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/

this part:

Mitigation
Microsoft has provided a new design concept for antivirus vendors called Protected Processes. The new concept is specially designed for antivirus services. Antivirus processes can be created as “Protected Processes” and the protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks. This means that even if an attacker found a new Zero-Day technique for injecting code, it could not be used against the antivirus as its code is not signed. Currently no antivirus (except Windows Defender) has implemented this design. Even though Microsoft made this design available more than 3 years ago.
It’s important to note, that even when the antivirus vendors would block the registration attempts, the code injection technique and the persistency technique would live forever since it’s legitimate part of the OS.

but in your case, i think you should reinstall win...

[Aura]

Hi Tonyidkwhat

DoubleAgent isn't an "infection" per say, but a vulnerability. I doubt you are infected "by" it, but you could have been infected by malware that "uses" that method. How do you know that you are infected by it?

[IdefixPC]

On 29/03/2017 at 3:17 AM, poht said:

DoubleAgent: Zero-Day Code Injection and Persistence Technique

https://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/

Hello,

Have Malwarebytes team planed and update to protect our MB software ?

Thanks

[Aura]

Malwarebytes has already been updated for Double agent. The vulnerability was addressed in v3.0.6 CU4.

[IdefixPC]

38 minutes ago, Aura said:

Malwarebytes has already been updated for Double agent. The vulnerability was addressed in v3.0.6 CU4.

Thanks @Aura 

I have read the list of fixed issues with CU4 but have seen nothing about Double agent vulnerability: 

 

[Aura]

Sorry my bad, it was in CU3, not CU4.

https://forums.malwarebytes.com/topic/197059-malwarebytes-306-cu3/

Quote

Additionally, both this update and our previous 3.0.6 upgrade addressed a number of vulnerabilities reported to us by various security researchers.  Malwarebytes would like to thank John Page (hyp3rlinx) at ApparitionSec, Florian Bogner, Michael Engstler at Cybellum and Fortinet for their reports.

 

[IdefixPC]

4 minutes ago, Aura said:

Sorry my bad, it was in CU3, not CU4.

https://forums.malwarebytes.com/topic/197059-malwarebytes-306-cu3/

 

Thanks @Aura for this "update"

[exile360]

Closing this thread as it's been resolved.